Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – Meltdown and Spectre

Another year, another major security incident comes to light. The first of this year’s Scam of the Week series looks at Meltdown and Spectre, which are being called the ‘worst ever’ CPU bugs affecting virtually all computers.

This CPU bug can be found in everything from smartphones to PCs to cloud computing devices. Even Apple, often touted for their safety features have announced that the Meltdown and Spectre flaws affect all Mac and iOS devices.

What are Meltdown and Spectre?

Meltdown is a security flaw that can enable hackers to bypass the hardware barrier between apps run by the user and the computer’s core memory.

Spectre, on the other hand, allows hackers to trick otherwise error free apps into giving up secret information.

How bad is it?

Although the year has only started, this will undoubtedly be one of the major tech security issues of 2018. Meltdown in particular is a serious problem in the short term that must be addressed ASAP. The Meltdown conundrum is a problem in that anything that runs an application can, in theory, steal your data. This even incudes simple things such as javascript viewed in a browser.

Meanwhile, Spectre will likely be utilised by more seasoned hackers as its harder to take advantage of. If a hacker utilises it to its full potential it is much harder to fix and commentators say it will be a much bigger problem in the long term.

In terms of the sensitive information that can be mined with these flaws, this includes anything stored in the devices affected memory. This means banking records, credit cards, financial data, logins, passwords and sensitive communications amongst others.

Can it be fixed?

You should update your computers with the latest security fixes as soon as possible. There are fixes for Linux and Windows already available.

Some devices are already protected such as Chromebooks that have been updated to Google’s Chrome OS63, Nexus and Pixel smartphones.

Users of other devices, such as Samsung and OnePlus, will need to wait for updates to be pushed out by their third-party manufacturers.

Apple released a statement last night in regard to their own devices to say: ““Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the app store.”

Will this be an even more notable year for cyber security threats than last year? Is this just the tip of the iceberg, let us know how you see this year panning out in terms of cyber security.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations